Skip to main content
Last updated on

Set up Databricks Git folders

This page shows you how to set up Databricks Git folders for version control. After you complete setup, perform common Git operations such as clone, checkout, commit, push, pull, and branch management directly from the Databricks UI. You can also view diffs for your changes as you develop.

Prerequisites

Before you begin, confirm the following:

  • Git folders are enabled in your workspace (enabled by default). See Enable or disable the Databricks Git folder feature.

  • You have a Git provider account (GitHub, GitLab, Azure DevOps, Bitbucket, or AWS CodeCommit).

  • For private repositories or write operations, you have a personal access token (PAT) or OAuth credentials from your Git provider. See Configure Git credentials & connect a remote repo to Databricks.

    note

    You can clone public remote repositories without Git credentials. To modify a public remote repository or to work with private repositories, configure Git credentials with Write permissions.

Add Git credentials

To configure Git credentials in Databricks:

  1. Click your username in the top bar of the Databricks workspace and select Settings.
  2. Click Linked accounts.
  3. Click Add Git credential.
  4. Select your Git provider from the drop-down menu. Some providers offer OAuth account linking, while others require a personal access token (PAT). If you link your account using OAuth, complete the authentication flow and skip to the last step.
  5. Enter your email in the Git provider email field.
  6. Paste your PAT in the Token field. For instructions on creating a PAT, see Configure Git credentials & connect a remote repo to Databricks. If your organization has SAML SSO enabled in GitHub, authorize your personal access token for SSO.
  7. Click Save.

You can also manage Git credentials using the Databricks Repos API.

Azure DevOps

Git integration doesn't support Microsoft Entra ID tokens. You must use an Azure DevOps personal access token. See Connect to an Azure DevOps repo using a token.

Multiple Git credentials per user

Public Preview

This feature is in Public Preview.

Databricks lets each user store multiple Git credentials, so you can use different providers or accounts without having to switch credentials.

Databricks data intelligence platform

Select credentials for Git folders

Each Git folder can use a specific credential for Git operations. To change the credential for a Git folder:

  1. Open the Git folder and go to the Git settings tab.
  2. Under Git credential, select a credential from the drop-down menu.
  3. Click Save.

select a credential

How default credentials work

Each Git provider supports one default Git credential per user. Databricks automatically uses this default credential for:

  • Jobs
  • Repos API operations
  • Git folder operations (when no specific credential is selected)

The first credential you create for a provider automatically becomes the default. To change your default credential:

  1. Go to User Settings > Linked accounts.
  2. Click the kebab Kebab menu icon. next to the credential that you want to make default.
  3. Select Set as default.

Limitations

  • Jobs that require a non-default Git credential for a provider must use a service principal.
  • Service principals can have only one Git credential.
  • The Databricks GitHub App allows only one linked credential.
  • Each user can have a maximum of 10 Git credentials.

Configure Git commit identity

Your Git commit identity determines how commits made from Databricks appear in your Git provider. When you commit through Databricks Git folders, your Git provider needs to identify you as the author. Configure your email address so that:

  • Commits appear in your Git provider profile
  • Your profile picture and name display correctly
  • You receive proper credit for contributions
  • Team members can track who made each change

How commit identity works

When you configure Git credentials with an email address:

  • Email: Becomes the author email (GIT_AUTHOR_EMAIL and GIT_COMMITTER_EMAIL) for all commits
  • Username: Becomes the committer name (GIT_AUTHOR_NAME and GIT_COMMITTER_NAME)

If you don't specify an email address, Databricks uses your Git username as the email. This can prevent proper commit attribution in your Git provider.

Example commit in Git history:

commit 480ee5b0214e4d46db2da401a83794c5f5c5d375 (HEAD -> main)
Author: GitHub-username <your.email@example.com>
Date:   Fri Sep 26 00:38:23 2025 -0700

    My commit message

Example in Git provider:

Git commit showing author identity with username and email

note

If you created Git credentials before email configuration was available, your email field defaults to your username. Update it to your actual email address for proper commit attribution.

Linked GitHub credentials

If you use linked Git credentials through the Databricks GitHub app, Databricks automatically configures your email and Git identity. If your identity isn't set correctly, Approve the required permissions or re-link your GitHub account for proper permissions.

Configure network connectivity

Git folders require network connectivity to your Git provider. Most configurations work over the internet without additional setup. However, you might need extra configuration if you have:

  • IP allowlists on your Git provider
  • Self-hosted Git servers (GitHub Enterprise, Bitbucket Server, GitLab Self-managed)
  • Private network hosting

Configure IP allowlists

If your Git server is internet-accessible but uses an IP allowlist, such as GitHub allow lists:

  1. Find your Databricks control plane network address translation (NAT) IP address for your region at Databricks clouds and regions.
  2. Add this IP address to your Git server's IP allowlist.

Configure private Git servers

If you host a private Git server, see Set up private Git connectivity for Databricks Git folders (Repos) or contact your Databricks account team for setup instructions.

Security features

Databricks Git folders include the following security features to protect your code and credentials:

Git URL allowlists

Workspace admins can restrict which remote repositories users can access. This helps prevent code exfiltration and enforces use of approved repositories.

Set up a Git URL allowlist

To configure an allowlist:

  1. Click your username in the top bar of the Databricks workspace and select Settings.

  2. Click Development.

  3. Select a Git URL allow list permission option:

    • Disabled (no restrictions): No allowlist enforcement.
    • Restrict Clone, Commit & Push to Allowed Git Repositories: Restricts all operations to allowlist URLs.
    • Only Restrict Commit & Push to Allowed Git Repositories: Restricts only write operations. Clone and pull remain unrestricted.

  4. Click the edit icon Edit icon next to Git URL allowlist: Empty list.

  5. Enter a comma-separated list of URL prefixes.

  6. Click Save.

Saving a new list overwrites the existing allowlist. Changes can take up to 15 minutes to take effect.

Access control

note

Only the Premium plan includes access control.

Control who can access Git folders in your workspace by setting permissions. Permissions apply to all content within a Git folder. Assign one of the following permission levels:

  • NO PERMISSIONS: No access to the Git folder
  • CAN READ: View files only
  • CAN RUN: View and run files
  • CAN EDIT: View, run, and modify files
  • CAN MANAGE: Full control including sharing and deleting

For detailed information about Git folder permissions, see Git folder ACLs.

Audit logging

When you enable audit logging, Databricks logs all Git folder operations, including:

  • Creating, updating, or deleting Git folders
  • Listing Git folders in a workspace
  • Syncing changes between Git folders and remote repositories

Secrets detection

Git folders automatically scan code for exposed credentials before commits. It warns you if it detects:

  • AWS access key IDs starting with AKIA
  • Other sensitive credential patterns

Next steps

After setting up Git folders, explore these related topics: